HTTPS MITM in Kazakhstan starting 2024-02-07

There’s a bug in Mozilla Bugzilla that says there’s a new HTTPS MITM in Kazakhstan since 2024-02-07. (At least, that’s when the bug was opened.)

Bug 1879046: Add New Kazakhstan Root Certificate to OneCRL

Another MITM attempt by the KZ government.
When I visit https://m.reactor.cc, the real certificate is replaced with the one that I attached.

Many people install mandatory certificate to be able to access some government websites.
I’m not sure if the browser will let you in if you have those mandatory certificates installed.

The following certificate information will be of use in adding this root certificate to OneCRL:

“issuerName”: “MFMxNTAzBgNVBAMTLEluZm9ybWF0aW9uIFNlY3VyaXR5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQKEwRJU0NBMQswCQYDVQQGEwJLWg==”,

“serialNumber”: “MgQS30wvsQLzmAyqdrphCuYshJI=”,

“pubKeyHash”: “iSjFk5iw8XHA+W/a5quN0PSO4G0XTaEMQErAAUPHp0k=”,

Serial Number 320412DF4C2FB102F3980CAA76BA610AE62C8492
Subject C=KZ, O=ISCA, CN=Information Security Certification Authority
Issuer C=KZ, O=ISCA, CN=Information Security Certification Authority
Not Before 2020-02-28T06:16:40Z
Not After 2050-02-28T06:16:40Z

SHA1 Hash 1375EBDCF56359AAE0423E861AC8FC6231511CE6
SHA256 Hash 89107C8E50E029B7B5F4FF0CCD2956BCC9D0C8BA2BFB6A58374ED63A6B034A30
SPKI SHA256 8928C59398B0F171C0F96FDAE6AB8DD0F48EE06D174DA10C404AC00143C7A749
Subject SPKI SHA256 6B0F6067F2FE25B0BAC6679266AE73749DC7D1044C84809398F9E37AF3F4F311
HPKP PIN-SHA256 iSjFk5iw8XHA+W/a5quN0PSO4G0XTaEMQErAAUPHp0k=
Certificate Extensions
AuthorityKeyID sgQS30wvsQLzmAyqdrphCuYshJI=
SubjectKeyId sgQS30wvsQLzmAyqdrphCuYshJI=

I found this one through a meta-tracking bug for Kazakhstan MITM:

Bug 1883772: [meta] tracking blocking Kazakhstan MITM roots

At first I thought that could be just a “page blocked” redirection host which mimic the domain, but no, this is a “legitimate” certificate issued for m.joyreactor.cc by KZ intermediate certificate.

$ openssl verify -attime 1706797413 -CAfile kzall.crt -show_chain -verbose m-joyreactor-cc\(1\).pem 
m-joyreactor-cc(1).pem: OK
Chain:
depth=0: CN = m.joyreactor.cc (untrusted)
depth=1: C = KZ, O = ISCA, CN = Intermediate
depth=2: CN = Information Security Certification Authority, O = ISCA, C = KZ

Сейчас обнаружил вот такой перфоманс

echo | openssl s_client -servername xakep.ru -connect xakep.ru:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer=C = KZ, O = ISCA, CN = Intermediate
subject=CN = xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT

ето точн понтделка у их там летс енкрипт (US) а не KZ

issuer=C=US, O=Let's Encrypt, CN=E5
subject=CN=xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT

Да, это настоящий сертификат, у меня происходит подмена

да это понятно. интересно что дата/время прям один в один
и какие то непонятные пробелы в сертификате. ошибка их “генератора” ?
смотрю везде слитно

issuer=C=US, O=Let's Encrypt, CN=E5
subject=CN=ntc.party
issuer=C=US, O=Let's Encrypt, CN=R10
subject=CN=sber.ru

issuer=C = KZ
O = ISCA
CN = Intermediate
subject=CN = xakep.ru

Так вроде все нормально, где лишние пробелы? Подмена кстати прекратилась.

OONI, Internet Freedom Kazakhstan (IFKZ), and Eurasian Digital Foundation have a new report on Kazakhstan that documents MITM using this latest “Information Security Certification Authority” certificate since 2021. They have a list of known affected domains and various intermediate certificates that have been seen. Their analysis ends in June 2024, so it doesn’t include your notBefore=Jul 22 10:41:04 2024 GMT, but it’s consistent with the pattern.

• Kazakhstan: TLS MITM attacks and blocking of news media, human rights, and circumvention tool sites
• Казахстан: TLS MITM атаки и блокировка сайтов новостных и правозащитных ресурсов, а также сайтов инструментов по обходу блокировок

Specifically, OONI data from Kazakhstan shows that the following domains were targeted by TLS MITM attacks:

• 360tv.ru
• astrakhan.sm.news
• compromat.ru
• cont.ws
• knews.kg
• kz.tsargrad.tv
• regnum.ru
• rutracker.org
• sproot.it
• stanradar.com
• ukraina.ru
• www.for.kg
• www.pinterest.com
• xakep.ru

The specific intermediate certificate that we found to be signed by the latest root certificate has as common name “Information Security Certification Authority” and has an issuance date of 28 February 2020 and expiry date of 28 February 2050.

In OONI data collected from Kazakhstan between 2023 to 2024, we found 6 distinct intermediate certificates being used to carry out the TLS MITM. Each of these certificates has a relatively short duration period of validity of 75 days. This means that in order for the certificate chain to continue functioning properly, they would have to re-emit a new intermediate from their root CA at least every 74 days.

The specific intermediates we found in our data are the following:

• https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06

  Fingerprint: c0e15a945595372030f0d45938ebb6081bb39fb5
  Serial: 542829070264121061358597976201233251364726286334
  Not valid before: 2021-06-18 12:54:34
  Not valid after: 2021-09-01 12:54:34
  

• https://explorer.ooni.org/m/20210914080702.850310_KZ_webconnectivity_88ece394d9a0fcdc

  Fingerprint: 90f9aa29195ecbfbf2c943ab1d5102f3ec84a68c
  Serial: 600636309019776433832878055409971857043873967144
  Not valid before: 2021-08-19 12:39:14
  Not valid after: 2021-11-02 12:39:14
  

• https://explorer.ooni.org/m/20231016130600.035487_KZ_webconnectivity_4a5c38a0f8bea740

  Fingerprint: 8634ecaefb5d02463d2a9ce42178001154752561
  Serial: 293697198316360729812453916520636458008892047728
  Not valid before: 2023-08-09 06:33:35
  Not valid after: 2023-10-23 06:33:35
  

• https://explorer.ooni.org/m/20240317052821.044604_KZ_webconnectivity_3752cbf5dac624e9

  Fingerprint: dfcd9dcb64edd86e333ad6247e2deda7dcf10ebd
  Serial: 621829445753241691614495298860851878603068917060
  Not valid before: 2023-11-28 11:24:53
  Not valid after: 2024-02-11 11:24:53
  

• https://explorer.ooni.org/m/20231118140134.149173_KZ_webconnectivity_a93dfc958ab79ec2

  Fingerprint: cb074692a22395fa615a89a86d877c9abc034867
  Serial: 203432698505598047390349427507107109607746033885
  Not valid before: 2023-11-02 09:03:07
  Not valid after: 2024-01-16 09:03:07
  

• https://explorer.ooni.org/m/20240418133819.497733_KZ_webconnectivity_bd3a0d69cd5e8aca

  Fingerprint: 5d54c6afa4fd4685359875595565ae9f8caab914
  Serial: 499633659418679795571951434192241531137344178316
  Not valid before: 2024-03-20 05:50:15
  Not valid after: 2024-06-03 05:50:15
  

What’s quite surprising from the above time ranges is that it’s quite apparent that there is a gap in between the renewal of the certificates. Based on OONI data, we were able to confirm that even if internet users in Kazakhstan were to have installed the root certificate, as directed by the government, they would still have received certificate validation errors between 2nd November 2011 and 9th August 2023. Shorter windows of invalidity for the certificate can be observed between 23rd October 2023 and 28th November 2023, and then between 11th February 2024 and 20th March 2024.

What can be seen from the chart below is that these intermediate certificates were spotted in the wild and being used to perform MITM even during periods of certificate invalidity.

This suggests that if users were to attempt to visit the sites affected by the MITM and had installed the root CA, they would still be getting an error.

It’s unclear to us why they went through the hassle of telling users to install the root CA, but then failed to keep the intermediates up to date in order to effectively carry out a MITM attack, even when users were fully compliant with government orders. We can only speculate that this is either due to some misconfiguration in the periodic renewal task (although for the first certificate we see the time window of invalidity is almost 2 years), or that for 3 times they forgot to renew their certificates on time.